OpenWrt Forum Archive

Topic: How to define how much data an IP or MAC can use?

The content of this topic has been archived on 18 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello Guys,

I have three clients with whom I share my internet connection, but they use a lot of data, so I want to limit them. I want them to be able to use only 5GB; after that, their connection should become invalid till next month.

Please give any solution!

Thanks

You could do that with iptables quota
http://wiki.openwrt.org/doc/howto/netfilter

Some more info on how to craft your custom firewall rules:
http://varinderjhand.wordpress.com/2012 … sed-acces/

The custom firewall rules:

iptables -N quota

iptables -A quota -m quota --quota 5368709120 -j RETURN
iptables -A quota -j REJECT

iptables -A zone_lan_forward -j quota -m mac --mac-source AA:D2:BD:1C:19:35 # example 1
iptables -A zone_lan_forward -j quota -s 192.168.0.4 #example 2

You can copy the line with the MAC address or IP as many times as you like, because it points to the newly created chain quota that does the actual quota checking. (Also, you don't need both the IP and the MAC.)

Also, rebooting the router resets the quota again as well; traffic shaping and limiting the available bandwidth is a nicer solution in my opinion.
Also, if the quota is reached, you could use iptables REDIRECT to redirect traffic on port 80 to a web server (that doesn't have to run on port 80) to inform that the quota has been reached.

For resetting the quota you could opt for restarting the firewall via cron (Scheduled Tasks):

0 0 1 * * /etc/init.d/firewall restart

This will restart the firewall at midnight on the first day of each month.
http://www.thegeekstuff.com/2009/06/15- … -examples/

Some more info on traffic shaping: http://wiki.openwrt.org/doc/howto/packe … .scheduler

And a final note: since it is rather easy to change a MAC or IP, you can also make a separate zone for them and assign it to a specific port on the router or a separate SSID on the wifi (or both), and monitor that instead.

Also, 5GBytes translates to more or less 15 Kbps continuous per month. Damn, with my dial-up years ago I could download more.

(Last edited by FriedZombie on 7 Sep 2013, 03:37)
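
Added example, not part of FriedZombie's post: in the rules above every client line jumps to the same quota chain, so all clients draw on a single counter. The script below only prints iptables commands that give each client its own chain. It assumes --quota takes a byte count (as the iptables quota match documents) and, like the MAC rule above, it counts only packets sent by the client; the quota_N chain names and the second MAC are constructed.

```shell
#!/bin/sh
# Added example: emit iptables commands that give each client its own quota
# chain. Nothing is executed here; review the output before running it.

PARENT_CHAIN="zone_lan_forward"   # chain name taken from the thread

# gb_to_bytes N -> N * 1024^3 (needs a shell with 64-bit arithmetic)
gb_to_bytes() {
    echo $(( $1 * 1024 * 1024 * 1024 ))
}

# valid_mac MAC -> status 0 if MAC is six colon-separated hex octets
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_quota_rules GB MAC... -> prints one chain (quota_1, quota_2, ...) per MAC
gen_quota_rules() {
    limit=$(gb_to_bytes "$1"); shift
    n=0
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        n=$((n + 1))
        chain="quota_$n"                      # hypothetical chain name
        echo "iptables -N $chain"
        # Packets pass (RETURN) while this client's own counter has bytes left
        echo "iptables -A $chain -m quota --quota $limit -j RETURN"
        # Once the counter is used up the rule above stops matching
        echo "iptables -A $chain -j REJECT"
        echo "iptables -A $PARENT_CHAIN -m mac --mac-source $mac -j $chain"
    done
}

# Constructed sample clients (the first MAC is the example from the thread)
gen_quota_rules 5 AA:D2:BD:1C:19:35 02:00:00:00:00:02
```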

Thank you FriedZombie for the reply. This seems to be very helpful, but I just have a small confusion: what do you mean by this:

FriedZombie wrote:

(Also, rebooting the router resets the quota again as well); traffic shaping and limiting the available bandwidth is a nicer solution in my opinion.

Please check my previous reply. And while I was trying your solution I got this error:

root@OpenWrt:~# iptables -A quota -m quota -quota 655360 -j RETURN
iptables v1.4.10: Couldn't load match `quota':File not found

Install the iptables-mod-extra package:

opkg update
opkg install iptables-mod-extra

I mean if you restart the router the bandwidth counters of iptables quota are reset to zero again.

For more info on traffic shaping and what it is, see the packet.scheduler link.

It is not working. I set a 5 MB quota for my Android, but it still continued to work.

Did you install the iptables-mod-extra package?
Also, how did you set the rules?
What does the log say?
Did the file come from the internet or local? Since the quota is only counted in my example if it came from a different zone (e.g. the WAN side).

I tested the rules on my router, they did work hmm

(Last edited by FriedZombie on 20 Sep 2013, 09:42)

Yes, I installed:
iptables    1.4.10-4
iptables-mod-extra    1.4.10-4

For setting the rules I ran this:

iptables -N quota

iptables -A quota -m quota –-quota 655360 -j RETURN
iptables -A quota -j reject

iptables -A zone_lan_forward -j quota -m mac --mac-source AA:D2:BD:1C:19:35 #with my MAC

Which log?
I installed OpenWrt on my 2nd router to use it as an extender; it connects to the main router by a wireless connection and just serves internet through it, no local files.

(Last edited by rajnish357 on 21 Sep 2013, 15:47)

I meant the system log, but that doesn't really matter in this case.
655360 = 640 megabytes

The notation of the rule is in kilobytes, so for 5 MB set it to 5120; then it should cut off after 5 MB.
(I thought it was in bytes at first, but for some odd reason I used it correctly while testing.)

Hi, I tested this but it does not work. Where is the place where I have to write these rules? Isn't it /etc/firewall.user?
How can I see used traffic with iptables?

With regards

The discussion might have continued from here.